Top of Form
Bottom of FormYou are the new IT Manager for the Cougar Corporation, a firm of 500 employees, with 5 buildings located in three different states. Much of the information is critical to the operation of the business and contains key customer information. As the new IT Manager, one of your employees comes to you concerned with the safeguarding of the firm’s information. As you investigate this issue further, you too are concerned as it does not appear many methods of safeguarding the firm’s information are in place. What methods would you want to make sure are in place to help with the safeguarding of information? What role do you see firewalls, intrusion detection systems, and antivirus systems playing in promoting security?
Write up a memo to your supervisor detailing methods you would like to see implemented across the firm and the role of firewalls, intrusion detection systems, and antivirus systems in promoting better safeguarding of the firm’s information.
8-3 What are the components of an organizational framework for security and control?
Even with the best security tools, your information systems won’t be reliable and secure unless you know how and where to deploy them. You’ll need to know where your company is at risk and what controls you must have in place to protect your information systems. You’ll also need to develop a security policy and plans for keeping your business running if your information systems aren’t operational.
Information Systems Controls
Information systems controls are both manual and automated and consist of general and application controls. General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure. On the whole, general controls apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
General controls include software controls, physical hardware controls, computer operations controls, data security controls, controls over the systems development process, and administrative controls.
Before your company commits resources to security and information systems controls, it must know which assets require protection and the extent to which these assets are vulnerable. A risk assessment helps answer these questions and determine the most cost-effective set of controls for protecting assets.
A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled. Not all risks can be anticipated and measured, but most businesses will be able to acquire some understanding of the risks they face. Business managers working with information systems specialists should try to determine the value of information assets, points of vulnerability, the likely frequency of a problem, and the potential for damage. For example, if an event is likely to occur no more than once a year, with a maximum of a $1000 loss to the organization, it is not wise to spend $20,000 on the design and maintenance of a control to protect against that event. However, if that same event could occur at least once a day, with a potential loss of more than $300,000 a year, $100,000 spent on a control might be entirely appropriate.
After you’ve identified the main risks to your systems, your company will need to develop a security policy for protecting the company’s assets. A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.
8-4 What are the most important tools and technologies for safeguarding information resources?
Businesses have an array of technologies for protecting their information resources. They include tools for managing user identities, preventing unauthorized access to systems and data, ensuring system availability, and ensuring software quality.
Identity Management and Authentication
Midsize and large companies have complex IT infrastructures and many systems, each with its own set of users. Identity management software automates the process of keeping track of all these users and their system privileges, assigning each user a unique digital identity for accessing each system. It also includes tools for authenticating users, protecting user identities, and controlling access to system resources.
To gain access to a system, a user must be authorized and authenticated. Authentication refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users. New authentication technologies, such as tokens, smart cards, and biometric authentication, overcome some of these problems. A token is a physical device, similar to an identification card, that is designed to prove the identity of a single user. Tokens are small gadgets that typically fit on key rings and display passcodes that change frequently. A smart card is a device about the size of a credit card that contains a chip formatted with access permission and other data. (Smart cards are also used in electronic payment systems.) A reader device interprets the data on the smart card and allows or denies access.
Biometric authentication uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices to grant or deny access.
The steady stream of incidents in which hackers have been able to access traditional passwords highlights the need for more secure means of authentication. Two-factor authentication increases security by validating users through a multistep process.
Without protection against malware and intruders, connecting to the Internet would be very dangerous. Firewalls, intrusion detection systems, and anti-malware software have become essential business tools.
Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.
Intrusion Detection Systems
In addition to firewalls, commercial security vendors now provide intrusion detection tools and services to protect against suspicious network traffic and attempts to access files and databases. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event. Scanning software looks for patterns indicative of known methods of computer attacks such as bad passwords, checks to see whether important files have been removed or modified, and sends warnings of vandalism or system administration errors.
The intrusion detection tool can also be customized to shut down a particularly sensitive part of a network if it receives unauthorized traffic.
Defensive technology plans for both individuals and businesses must include anti-malware protection for every computer. Anti-malware software prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. However, most anti-malware software is effective only against malware already known when the software was written. To remain effective, the software must be continually updated. Even then it is not always effective because some malware can evade detection. Organizations need to use additional malware detection tools for better protection.
Laudon, Kenneth C., and Laudon, Jane P. (2020). Management Information Systems: Managing The Digital Firm (16th ed). Boston: Pearson.
Plagiarism Free Papers
Thehomeworkwritings.com’s team of writers write all papers from scratch. We deliver 100% original, unique papers. That’s what makes us the best custom homework writing service
We provide unlimited free revisions to all customers and on all papers. Try The Homework Writings today for the best custom homework writing service and experience in the industry.
Thehomeworkwritings.com gives clients title pages free of charge. Your only job is to fill out our order form. We will handle the rest.
As the leading essay writing service, we never submit any paper without a reference/bibliography page. We do this free of charge too.
Originality & Security
At Thehomeworkwritings.com, we take great pride in delivering only high-quality 100% original papers to all our clients. We also never share any of our clients’ information with third parties. Your data is safe with us.
24/7 Customer Support
No other custom homework writing service has a friendly, always available customer support team to respond to clients like us.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
Why outsource our services
We have the best customer support team for your essay writing needs.
You won’t find any other custom homework writing service with pricing as flexible and affordable as ours.
Admission help & Client-Writer Contact
We provide a direct line of communication with our writers for the best writing experience.
As the leading custom homework writing service, we take deadlines very seriously. You will have your paper submitted on time without any delays.
We truly value your feedback, good or bad, and always use your feedback to help us provide you with an even better custom homework writing service